Pioneer WordPress Security

Seguridad Completa

Para Su Sitio Web

Pioneer WordPress Security

Share ∨

Why Sucuri

Reliable Network

WordPress Security

Proven Website Solution

Peace of Mind

Favorite Features

Web Application Firewall

Site Monitoring

Improved Performance (CDN)

Daily/Monthly Reports

Kevin Baker is not a geek. However, he is admittedly technically inclined. As the founder of pioneerwordpresssecurity.com Kevin spends a healthy portion of his time deep within the dark underbelly of the Internet. Through his years of experience, he has come to recognize several truths. One of those truths is that 100% safety does not exist. Another truth is that proper planning and preparation can increase overall security and significantly reduce the possibility of a compromise.

The challenge in planning and preparing properly is that many are not specialized in the field. Website owners may be unsure how to execute a security strategy or may be unaware of the very real threats that exist. In the Internet’s often misunderstood security environment, Baker works to illumine and help his customers achieve security. He leverages Sucuri’s technology to aid in accomplishing that goal.

The Starting Line

With a background in web design, the foundation was already laid for Kevin’s foray into the Internet security world. The comprehensive experience Kevin garnered in his early career left him more than tech savvy. He became astute in the field of website technology and maintained a critical eye toward security, something owing in part to his military background. An example would arise as he explored the earliest versions of WordPress with healthy skepticism.

The platform’s usefulness seemed to outweigh its weaknesses and was quickly adopted. Still, WordPress was vulnerable and this necessitated learning more about how to protect it. Therefore, Kevin naturally gravitatied toward the security realm.

The Wake Up Call

Share ∨

The need for attention to security detail was not always as prominent. Initially, Kevin relied almost entirely on his hosting provider for security. Unbeknownst to him at that time, a significant majority of hosting providers do not provide the basic elements of website security. In many cases, the only security offered by a webhost applies to the network and server level. In these instances, securing the website is often viewed as the website owner's responsibility. Yet, this view is not always readily communicated for fear that customers will lack trust in the webhost and take their business elsewhere.

In 2009, Kevin hosted with a company that was well known for their high quality service. However, that company (like many others) did not provide website security. Additionally, they did not communicate their lack of support or the fact that Kevin should maintain independent security measures for his site. The result? He experienced his first hacked website and the host offered little assistance.

Like most people learning to do something new, I made mistakes. One of my biggest mistakes was installing a bunch of sites that I used for testing that were live. But, I didn’t look at them very often. So, I didn’t update them or look through the files for things that were out of place, and I was a bit scatter gun in that respect. I left a lot of sites out there that were available to be trolled, penetrated and taken over.

Eventually, I discovered, when trying to log into my main blog at the time, I couldn’t get in. I was locked out and I couldn’t understand why until I looked in the bottom corner of my screen and saw something with a ‘.ru’ at the end of it. And, I knew that wasn’t my site address. I contacted my webhost then and they said, ‘Oh yeah... you’ve been hacked.'

Determination

Share ∨

After growing in his knowledge related to the WordPress platform, Kevin began working with clients in 2011. While working with his customers, he better understood their needs. Customers wanted him to update websites and update their plugins; essentially, they wanted him to use the information he had to do the necessary maintenance which would provide a safer WordPress experience.

His first customer came from a WordCamp. It was a cash transaction and was on target in leveraging his WordPress skills. Kevin built his business to a substantial 15 to 20 sites which he regularly monitors. His services are hands-on, almost boutique in their format, and encompass teaching and competency testing. He also continues to takes classes and actively absorb more information-especially in the security space.

The hack was the obvious pivot point and marked the slightly altered trajectory which motivated Kevin to emphasize security. His passion comes into play as he encountered people who work diligently to run a business and make money, yet those same individuals lack basic website security principles. Kevin has seen a variety of scenarios, many following this path:

Companies exposed

Designers fail to educate

Vulnerability exploitation

Consequently, Kevin’s driving passion is education and education specifically designed for the average business owner.

Every lesson I teach is a lesson I’ve learned myself. I was going to WordCamps and seeing all these people who were expecting their hosting companies to take care of it. I explained to them that they don’t, and also why and how I knew. The response I received was, ‘Really?!’

Kevin further derives purpose in sharing principles about a company’s responsibility:

Any clients you may have, if you’re taking personal data from them, that’s possibly going to be exposed. There’s a financial penalty for you as a business, if that’s the case. That’s a risk you can’t even quantify.

Plan for Prevention

Share ∨

Kevin’s first hack experience taught him valuable lessons. His sites used a large variety of plugins, but those plugins were not regularly updated. The development approach was scattered and left many facets of the websites vulnerable. Subsequently, his lack of knowledge (at the time of occurrence) left him with no solution. He did not understand how it happened and did not have any research which could be used to resolve it. There were no auto-backups in place and everything was lost, including money spent on server accounts and the time he had invested in learning.

Not only did I not understand how it had happened, I didn’t have any recourse to find out. My host didn’t have server monitoring. There was no way to compare WordPress with the files on the server. None of that was in place at the time.

One of the first steps Kevin took was utilizing a solution for migrating, backing up and maintaining a physical copy of the site. He then researched WordPress security options in hopes of finding solutions. He eventually found Sucuri when looking for a malware scanner. Since this point, Kevin has used Sucuri for about four or five years with successful results. The primary driver and motivation for his use of Sucuri technology was the malware scanner. The firewall was also recognized as a valuable offering for protecting websites.

Installing the Sucuri Plugin is one of the first things I do on a brand new site. I do a malware check and do not set anything up. I just leave it. I leave it for about 5 or 6 days. Then, I’ll go and show the site owner the ‘last logins’ page and the failed login attempts-to show them just how much diverse traffic is coming to their login page. When they see that 500 or 600 attempts, and their jaw just drops and that sends a real message. Then I set up everything properly and incorporate other facets into the site.

A comprehensive prevention strategy can never be “over-developed” when coupled with successful execution. These strategies have created the building blocks for Kevin’s website development and security business. A key piece of his strategy is the early implementation of Sucuri’s products.

Kevin shared a few words to sum up the value he derives from using Sucuri.

I value the peace of mind that comes with knowing what’s going on and the ability to go in and look at any changes etc. It is the awareness Sucuri gives.